The following relates generally to wireless communication, and more specifically to on-demand network function re-authentication based on key refresh.
Wireless communication systems are widely deployed to provide various types of communication content such as voice, video, packet data, messaging, broadcast, and so on. These systems may be capable of supporting communication with multiple users by sharing the available system resources (e.g., time, frequency, and power). Examples of such multiple-access systems include code division multiple access (CDMA) systems, time division multiple access (TDMA) systems, frequency division multiple access (FDMA) systems, and orthogonal frequency division multiple access (OFDMA) systems (e.g., a Long Term Evolution (LTE) system). A wireless multiple-access communication system may include a number of base stations, each simultaneously supporting communication for multiple communication devices, which may be otherwise known as user equipments (UEs).
UEs may establish connections with a base station using authentication procedures. The authentication procedures may include establishing a security context for the UE and the associated network entities, e.g., an authentication and key agreement (AKA) protocol used to generate one or more security keys. The security keys may be used to secure and protect the air interface between the UE and the base station, as well as to protect backhaul traffic between various network entities. The security context may be created when the UE initially attaches to the core network via the base stations. The security context may then be stored at each network node associated with the connection, e.g., at the base station, at the mobility management entity (MME), at the home subscriber server (HSS), etc.
In some circumstances, the security context may be stored for an extended period of time. For example, UEs or other mobile devices (e.g., Internet of Things (IoT) devices) may establish a connection and only send traffic infrequently. It is inefficient to use resources to establish a new security context each time such a device needs to send traffic. Additionally or alternatively, considerable battery power is used on the mobile devices to transmit and receive messages according to the AKA protocol. Further, maintaining the security context at the network nodes may raise a security concern. For example, a network node may be compromised due to a security key being leaked. The attacker could then use the leaked security key to impersonate the network node and therefore compromise communications with the UE.